12 Hits in 4.7 sec

Implementing Grover oracles for quantum key search on AES and LowMC [article]

Samuel Jaques, Michael Naehrig, Martin Roetteler, Fernando Virdia
2019 arXiv   pre-print
As part of this work, we release Q# implementations of the full Grover oracle for AES-128, -192, -256 and for the three LowMC instantiations used in Picnic, including unit tests and code to reproduce our  ...  In NIST's post-quantum cryptography standardization process, security categories are defined based on the concrete cost of quantum key search against AES.  ...  providing the AND gate circuit we use, and Daniel Kales and Greg Zaverucha for their input on Picnic and LowMC.  ... 
arXiv:1910.01700v1 fatcat:5qw7ja66zve6foosmveueiqz2a

Quantum Cryptanalysis (Dagstuhl Seminar 19421)

Michele Mosca, Maria Naya-Plasencia, Rainer Steinwandt, Michael Wagner
2020 Dagstuhl Reports  
Several NIST employees attended the seminar and lead a discussion session on the topic. As one would hope hoped for, many talks had an algorithmic focus.  ...  Establishing reasonably precise quantum resource counts for cryptanalytic attacks against symmetric and asymmetric schemes, especially for problem instances and parameter choices that are actually deployed  ...  Grover oracles for quantum key search on AES and LowMC", IACR Cryptology ePrint Archive, Vol. 2019, p. 1146, 2019.  ... 
doi:10.4230/dagrep.9.10.47 dblp:journals/dagstuhl-reports/MoscaNS19 fatcat:b4fbhk267zhsdch2lotalrzwoa

On recovering block cipher secret keys in the cold boot attack setting [article]

Gustavo Banegas, Ricardo Villanueva-Polanco
2022 arXiv   pre-print
We also show how to implement the quantum component of our algorithm for several block ciphers such as AES, PRESENT and GIFT, and LowMC.  ...  is of great importance for their overall assessment, we show the feasibility of performing our hybrid attack on Picnic, a post-quantum signature algorithm being an alternate candidate in the NIST post-quantum  ...  Also, we show how to implement the quantum component of our algorithm for several block ciphers such as AES, PRESENT and GIFT, and LowMC.  ... 
arXiv:2205.04220v1 fatcat:msrqj73iyjcifhfmhr2m2hxbuy

Quantum Search for Lightweight Block Ciphers: GIFT, SKINNY, SATURNIN [article]

Subodh Bijwe, Amit Kumar Chauhan, Somitra Kumar Sanadhya
2020 IACR Cryptology ePrint Archive  
We also provide Q# implementation of the full Grover oracles for all versions of GIFT, SKINNY, and SATURNIN for unit tests and automatic resource estimations.  ...  (EUROCRYPT 2020) presented the cost estimates of quantum key search attacks against AES under different security categories as defined in NIST's PQC standardization process.  ...  As a working example, they implemented the full Grover's oracle for key search on AES and LowMC in Q# quantum programming language.  ... 
dblp:journals/iacr/BijweCS20 fatcat:vk5zl35mlrh5djucxunpor5scm

An Implementation of the Quantum Verification of Matrix Products Algorithm [article]

Elton Pinto
2022 arXiv   pre-print
We report circuit metrics (gate count, qubit count, circuit depth), transpilation time, simulation time, and a proof of Grover oracle correctness.  ...  We present a space-efficient implementation of the quantum verification of matrix products (QVMP) algorithm and demonstrate its functionality by running it on the Aer simulator with two simulation methods  ...  There exists research on resource estimate quantification and benchmarking for some quantum algorithms. Jaques et al. implemented Grover oracles for key search on AES and LowMC encryption [15] .  ... 
arXiv:2208.09914v1 fatcat:nq3xhmjcajhexemcurnyyti7fi

Quantum Analysis of AES [article]

Kyungbae Jang, Anubhab Baksi, Gyeongju Song, Hyunji Kim, Hwajeong Seo, Anupam Chattopadhyay
2022 IACR Cryptology ePrint Archive  
Keeping this in mind, our work explores the key recovery attack using the Grover's search on the three variants of AES (-128, -192, -256) with respect to the quantum implementation and the quantum key  ...  In a nutshell, we present the least Toffoli depth and full depth implementations of AES, thereby improving from Zou et al.'s Asiacrypt'20 paper by more than 98 percent for all variants of AES.  ...  Now, we compare the cost of quantum exhaustive key search of AES and LowMC in this work with NIST security.  ... 
dblp:journals/iacr/JangBSKSC22 fatcat:azhikr5dinfifewdlg7pvxwkxa

Quantum search for scaled hash function preimages

Sergi Ramos-Calderer, Emanuele Bellini, José I. Latorre, Marc Manzano, Victor Mateu
2021 Quantum Information Processing  
AbstractWe present the implementation of Grover's algorithm in a quantum simulator to perform a quantum search for preimages of two scaled hash functions, whose design only uses modular addition, word  ...  The detailed construction of the quantum oracle shows that the presence of AND gates, OR gates, shifts of bits and the reuse of the initial state along the computation require extra quantum resources as  ...  Acknowledgements The authors would like to thank Najwa Aaraj for useful discussions and proof-reading. SRC acknowledges Stefano Carrazza for help with code availability and testing.  ... 
doi:10.1007/s11128-021-03118-9 fatcat:h34exvfpdrcqld6d74jkzx4oeq

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives

Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
In our signature constructions, the public key is an image y = f (x) of a one-way function f and secret key x.  ...  and end up using LowMC. * This paper is a merge of [32, 44] .  ...  For the 128 bit security level and accounting for Grover one obtains signature sizes of around ≈ 129 kB (in the best case) and public key size of ≈ 160 bytes. 2 We note that there are also other code-based  ... 
doi:10.1145/3133956.3133997 dblp:conf/ccs/ChaseDGORRSZ17 fatcat:zz67tvgotzfs7kjhwtj7kmi7ry

Synthesizing Quantum Circuits of AES with Lower T-depth and Less Qubits [article]

Zhenyu Huang, Siwei Sun
2022 IACR Cryptology ePrint Archive  
based on Grover and Simon's algorithms.  ...  As a result, the T -depth and width (number of qubits) required for implementing the quantum circuits of AES are significantly reduced.  ...  When given some pairs of plaintext and ciphertext, by constructing a Grover oracle with the key |k⟩ as the input, one can use Grover's algorithm to search the correct key.  ... 
dblp:journals/iacr/HuangS22 fatcat:hyncsr4f3jgt3lt2bqjlj2bvli

Post Quantum Cryptography: Techniques, Challenges, Standardization, and Directions for Future Research [article]

Ritik Bavdekar, Eashan Jayant Chopde, Ashutosh Bhatia, Kamlesh Tiwari, Sandeep Joshua Daniel, Atul
2022 arXiv   pre-print
Grover's search algorithm gives a square root time boost for the searching of the key in symmetric schemes like AES and 3DES.  ...  The development of large quantum computers will have dire consequences for cryptography. Most of the symmetric and asymmetric cryptographic algorithms are vulnerable to quantum algorithms.  ...  Many implementations of AES as a quantum circuit exist. The crack using Grover's search algorithm requires the AES algorithm to be on a quantum circuit.  ... 
arXiv:2202.02826v1 fatcat:ghq4lqiu4rf5vpuv6gbk7ws4jm

On the Transition to Post-Quantum Cryptography in the Industrial Internet of Things

Sebastian Paul
As a result, their performance and design characteristics prevent them from being simple drop-in replacements for current public-key schemes.  ...  First, we propose cryptographic agility as one of the most important prerequisites for the transition to PQC.  ...  0 bit Key Establishment Scheme (EC)DH (EC) Discrete Logarithm → Shor: ∼ 0 bit Symmetric-Key Encryption AES-128 AES-256 Block Cipher Block Cipher → Grover: ∼ 64 bit → Grover: ∼ 128 bit Hash Function SHA2  ... 
doi:10.26083/tuprints-00021368 fatcat:sh7lyimvzbdpzfbvw5crl6567i

Dagstuhl Reports, Volume 9, Issue 10, October 2019, Complete Issue

Implementing Grover oracles for quantum key search on AES and LowMC In contrast, we study the cost of quantum key search attacks under a depth restriction and introduce techniques that reduce the oracle  ...  Grover oracles for quantum key search on AES and LowMC", IACR Cryptology ePrint Archive, Vol. 2019, p. 1146, 2019.  ...  FPT-approximation, and 3. parameterized local search. Split networks are one of the most commonly used type of phylogenetic network [2, 3] .  ... 
doi:10.4230/dagrep.9.10 fatcat:4dvf4zjt4nhafhwb4ot23au3ua